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(57) Abstract: Method and system for bonding a first Blue- 
tooth device (5, 8) to a second Bluetooth device (1, 15, 22), 
with both devices placed in a bonding mode, by having the first 
devcie to generate a random passkey and transmitting it in a 
manner which is descemible by a user (2) of the devices, or by 
sensor means (11, 19) of a reader unit (10, 18). or by sensor 
means (23) of the other device (22). The reader unit (10) may 
convert a received signal carrying a passkey which is undis- 
cemible by the user (2) into a presentation which is discernible 
by user (2). Upon discerning the password the user (2) may en- 
ter the password in the other device (1) in the usual way Said 
other Bluetooth device (15, 22) may have sensor means (16, 23) 
for sensing a signal carrying a password transmitted by a reader 
unit (18) or by the Bluetooth device (8). 
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Title: Method for bonding two Bluetooth devices and system suitable 
for applying the method. 

The invention relates to a method for bonding two Bluetooth 
devices as described in the preamble of claim 1. The invention also 
relates to a system which is suitable for applying the method as 
described in the preamble of claim 6. 

The Bluetooth technology provides for a short range connection 
between devices based on 2 . 4 GHz radio technology. The range is 
about 10 meters and the devices do not have to be in line of sight 
to communicate. The maximum bandwidth for data traffic is 1 Mb per 
second. Bluetooth is operating in the free ISM band, which is also 
used by many other devices. Bluetooth prevents disturbance by other 
devices by hopping over 79 frequencies every 1/1600 second- 
When a communication, cable between two devices is replaced by 
the use of radio signals for communication there will be a need to 
prevent eavesdropping and falsifying transmitted messages. Therefore 
the Bluetooth technology has built-in functionality for 
authentication and encryption. Authentication is used to prevent 
unwanted access to data and to prevent falsifying of message 
originator. Encryption is used to prevent eavesdropping. These two 
techniques combined with the frequency hopping technique and the 
limited transmission range for a Bluetooth unit give the technology 
higher protection against eavesdropping. Dependent on the 
application which is to be executed the Bluetooth concept provides 
three levels of security: 

1. non-secure; this mode bypasses functionality for 
authentication and encryption. 

2- service-level security; security procedures on this level 
have not been fully established yet. 

3. link-level security; security procedures are initiated 
before the link set-up upon completion of a Link Manager Protocol 
(LMP) which is responsible for link set-up between Bluetooth 
devices . 
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The link-level security mode is based on the concept of link 
keys. These keys are secret 128 bit random numbers stored 
individually for each pair of devices in a Bluetooth connection. 
Each time two Bluetooth devices communicate the link key is used for 
5 authentication and encryption. Both devices contain the same link 
key which is generated locally in each device based on a passkey . 
which is common for both devices or common information derived from 
such passkey. The link key is kept secret in each device. 

If one wants to use two Bluetooth devices with secure 

10 communication between the devices it is necessary to firstly create 
a trusted relationship between the devices by the user. To that end 
the user puts the devices in a bonding mode upon which the devices 
ask the user to enter a passkey, which may be selected arbitrarily 
by the user. Upon entering the passkey in a device the device will 

15 generate a piece of information based on the passkey. The piece of 

information will be identical for both devices . From then on the two 
devices are bonded and there is no need to keep the passkey by the 
user or the devices any longer. In a second stage the passkey based 
piece of inf oinuation is used by each device to generate and store a 

20 common link key. From that moment on the two devices are paired. The 
next time the devices get connected the stored link key on both 
sides will be checked. If the link keys match no request for 
entering a passkey will be generated. If the link keys do not match 
the above bonding and pairing procedures must be carried out again. 

25 If the Bluetooth devices which are to be bonded are both 

equipped with display means and manual input means, in particular a 
keyboard, there will be no difficulty to enter the passkey by a user 
of the devices for the bonding procedure. 

If one device is not equipped with such an input device the 

30 device presently needs to contain a factory programmed passkey. 

There are two common ways of handling stored passkeys. Firstly the 
passkeys may be default identical for all manufactured devices of a 
specific type. Secondly the passkeys may be unique per device. 
A drawback of the first solution of handling a factory 

35 programmed passkey is that the Bluetooth security is weakened. Since 
the value of the passkey is essential for creating the link key and 
the passkey being identical for all devices of the same type a 
Bluetooth connection between them cannot be considered secure. 
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A drawback of the second solution is that the manufacturer 
must maintain a logistic system for handling the many different 
passkeys, each unique passkey must be communicated to its ultimate 
user individually, e.g. printed on a box containing a specific 
5 Bluetooth device in which the passkey is stored, and the 

manufacturer must provide a way to restore devices for which the 
passkey is lost- There must be a support organisation for handling 
lost passkey requests. Such a logistic and supporting system will be 
very complex and expensive to maintain. 
10 It is an object of the invention to solve the above mentioned 

drawbacks . 

Therefore the invention provides a method as described in 
claim 1 . 

With the method according to claim 1, for entering a passkey 
15 in a Bluetooth device, the device needs not to be equipped with a 

keyboard or such type of physical interface, but any other non-radio 
communication interface can be used. In particular such non-radio 
communication interface is part of the device in the first place for 
normal use of the device. The device may present the randomly 
20 generated passkey in several ways, such as by transmission of sound 
or light. 

When applying the method according to the invention the 
manufacturer may make all Bluetooth devices generic. Still, the 
devices are able to support Bluetooth encryption in a secure way. 
25 There are no logistical costs attached to the method. Since the 
passkey is uniquely generated every time the device needs to be 
bonded with another device and on demand by a user of the devices, 
loosing a passkey is not longer an issue and therefore does not 
impose costs for retrieving same. 
30 The above mentioned drawbacks are solved also by a system as 

described in claim 6. 

The invention will be described in further detail with 
reference to the accompanied drawings in which: 

fig. 1 shows schematically a system in which a prior art 
35 method is applied for entering a passkey into two Bluetooth devices 
by a user thereof; 

figs. 2, 3, 4 and 5 show first to fourth examples respectively 
of a system according to the invention in which the method according 
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to the invention for entering a passkey into two Bluetooth devices 
is applied, 

The prior art method shown schematically in fig. 1 is suitably 
for manually entering a passkey into two Bluetooth devices 1 by a 
5 user 2. The devices 1 may comprise a display means 3 and an input 
means 4, such as a keypad. 

The arrows shown in fig. 1-5 indicate the entering or 
transmission of a passkey. 

Although indicated as Bluetooth devices, the devices 1 and 
10 those to mention may in fact be larger or complexer pieces of 

equipment containing a pure Bluetooth device integrated therewith. 
For simplicity the devices as a whole are called Bluetooth device. 

The user 2 may choose any suitable passkey arbitrarily. Upon 
putting the devices 1 in a bonding mode the user 2 may enter the 
15 passkey into both devices 1 by using their input means 4. Upon 

completion thereof each device 1 will use the passkey to generate a 
link key which will be identical for both devices 1. With every 
communication session between the devices 1 the devices 1 will check 
the identity of their link keys by transmitting data which is 
20 encrypted by the link key and by analysing a similar received 

transmission for its validity or identity with the locally stored 
link key. 

The method exemplified by fig. 2 may be applied for providing 
a common passkey to two Bluetooth devices, such as devices 1, 5, of 

25 which one device 5 does not comprise the input means 4 and possibly 
not the display means 3 of the device 1. Instead, device 5 is 
provided with some kind of transmission means 6- The transmission 
means 6 may be an acoustic or optical transducer for transmitting a 
sound signal or light signal respectively which is discernible by 

30 the user 2. The light signal may be of any type, such as light 
flashes or the display of readable characters. 

Bluetooth device 5 contains a random nximber generator (not 
shown) for generating a random passkey upon putting the device 5 in 
bonding mode by user 2. Device 5 will transmit the randomly 

35 generated passkey, such that the user 2 can hear, read or otherwise 
discern the passkey. Then, user 2 may enter the passkey discerned 
from device 5 into the other device 1 in the same way as with the 
prior art method shown in fig. 1. 
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Preferably the transmission means 6 of device 5 consist of 
means which are incorporated in device 5 anyway for normal use of 
device 5, that is apart from said bonding. 

The method exemplified by fig, 3 differs from the method shown 
5 by fig. 2 in that Bluetooth device 5 is replaced by Bluetooth device 
8 having transmission means 9, and comprising in addition a reader 
unit 10. Reader unit 10 comprises a sensor 11 which is suitable for 
sensing a signal transmitted by the transmission means 9 of device 
8 . In addition reader unit 10 comprises transmission means 12 which 

10 are suitable for transmitting a signal which is discernible by the 
user 2, such as a signal transmitted by transmission means 6 of 
device 5 of fig. 2. 

The transmission means 9 of device 8 of fig, 3 may be of a 
type which transmits a signal which is undiscernible by user 2. 

15 Reader unit 10 may be used to convert a signal transmitted by 

transmission means 9 into a transmission signal which is discernible 
by user 2. Yet, the example of fig. 3 is also applicable for a case 
in which a signal transmitted by transmission means 9 is 
discernible by user 2, but which is possibly difficult to discern. 

20 For example, the signal transmitted by transmission means 9 may 
consist of a series of light flashes with short intervals, while 
transmission means 12 may provide a converted presentation of a 
passkey carried by the light flashes, such as a spoken or readable 
message . 

25 The method exemplified by fig. 4 differs from the method shown 

by fig. 3 in that Bluetooth device 1 is replaced by a Bluetooth 
device 15, which comprises a sensor means 16 instead of the input 
means 4 of device 1, and reader unit 10 is replaced by a reader unit 
18 having sensor means 19 and transmission means 20. 

30 Reader unit 18 differs from reader unit 10 of fig. 3 basically 

in that a signal carrying a passkey transmitted by transmission 
means 20 need not to be discernible by user 2 but must be suitable 
to be sensed by sensor means 16 of device 15. 

Preferably, sensor means 16 consist of means which are already 

35 present for normal operation of device 15. 

The method exemplified by fig. 5 differs from the method shown 
by fig. 4 in that Bluetooth device 15 is replaced by Bluetooth 
device 22 having sensor means 23 which are suitable for sensing a 



wo 02/056536 



6 



PCT/NLO 1/00008 



signal carrying a passkey transmitted by transmission means 9 of 
device 8 directly. The user 2 only needs to bring devices 8 and 22 
in proper proximity of each other. 

As described herein before the method and system according to 
5 the invention and as exemplified with reference to figs. 2-5 make it 
possible for a manufacturer to only manufacture identical Bluetooth 
devices not containing passkeys and not having passkeys allocated 
thereto, while preserving the possibility of secure communications 
between two Bluetooth devices offered by Bluetooth technology, 
10 against very reduced costs. 
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CLAIMS 

1. Method for bonding a first Bluetooth device (5, 8) to a second 
Bluetooth device (1/ 15, 22) comprising: 

5 a) placing the devices in a bonding mode; 

b) providing a passkey which is identical for both devices; 

c) storing the passkey in each device; 

d) generating identical passkey based information in both 
devices; 

10 e) leaving the bonding mode while further ignoring the 

password; 

characterized in that ; 

the step of providing a passkey includes: 

bl) generating a random passkey by the first device; 
15 b2) presenting the random passkey by the first device to its 

outside by non-radio transmission; 

b3) sensing the random passkey from the outside of the first 

device; 

b4) providing the sensed passkey to the second device - 

20 

2. Method for bonding two Bluetooth devices (1, 5) according to 
claim 1, characterized in that the sensing of the passkey and 
providing the sensed passkey to the second device (1) are carried 
out by a user (2) of the devices (1, 5) only. 

25 

3. Method for bonding two Bluetooth devices (1, 8) according to 
claim 1, characterized in that the sensing of the passkey is carried 
out by a reader unit (10) which is separate from the first device 
(8) , the reader unit presents the sensed passkey to its outside by 

30 non-radio transmission and discernable to a user of the devices, and 
the passkey discerned from the reader unit by the user (2) is 
entered by the user into the second device (1) . 

4. Method for bonding two Bluetooth devices (8, 15) according to 
35 claim 1, characterized in that the sensing of the passkey is carried 

out by a reader unit (18) which is separate from the first device 
(8) and the reader unit presents the sensed passkey to its outside 
by non-radio transmission and discernable to a sensor (16) of the 
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second device (15) to thereby provide the second device with the 
passkey- 

5. Method for bonding two Bluetooth devices (8, 22) according to 

5 claim 1, characterized in that the sensing of the passkey is carried 
out by a sensor (23) of the second device (22) to provide the second 
device with the passkey. 

6. System of a first Bluetooth device (5, 8) and a second 
10 Bluetooth device (1, 15, 22), the devices comprising: 

a) mode selection means for placing the devices in a bonding 

mode; 

b) means for providing a passkey to the devices, the passkey 
being identical for both devices; 

15 c) storage means for storing the respective passkey in each 

device; 

d) generator means for generating identical passkey based 
information; 

e) reset means for leaving the bonding mode and for clearing 
20 the passkey; 

characterized in that ; 

the means for providing the passkey includes: 

bl) generator means of the first device for generating a random 
passkey; 

25 b2) output means (6, 9) of the first device for outputting the 

random passkey by non-radio transmission. 

7. System according to claim 8, characterized in that the output 
means (6) of the first device (5) outputs the passkey in a manner 

30 which makes it discernible by a user (2) of the devices (1, 5) . 

8 . System according to claim 8 , characterized by a reader unit 
(10) having sensor means (11) for sensing the passkey outputted by 
the output means (9) of the first device (8) and having output means 

35 (12) for outputting the sensed passkey by non-radio transmission and 
discernable to a user (2) of the devices (1, 8) . 
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9. System according to claim 8^ characterized by a reader unit 
(18) having sensor means (19) for sensing the passkey outputted by 

the output means (9) of the first device (8) and having output means 
(20) for outputting the sensed passkey by non-radio transmission and 

5 discernable to sensor means (16) of the second device (15) to 
thereby provide the second device with the passkey. 

10. System according to claim 8, characterized in that the output 
means (9) of the first device (8) outputs the passkey in a manner 

10 which makes it discernable to sensor means (23) of the second device 
(22) to thereby provide the second device with the passkey. 
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